Announcing the New Traps v3.4: Protect Yourself From Antivirus

Traditional antivirus (AV) is not the solution to endpoint security – it is the problem. AV is no longer effective at stopping today’s cyberthreats, and to prevent security breaches in your organization, you must protect yourself not only from known and unknown cyberthreats but also from the failures of any traditional AV solutions deployed in your environment. Today, we’re announcing enhancements to Traps advanced endpoint protection that empower you to replace your AV with real breach prevention.

In this post, I’ll go over some of the enhancements we’ve made to Traps. For a deeper dive, I encourage you to learn more about Traps, its new and updated capabilities, and how it replaces traditional antivirus with true prevention, by downloading the “Protect Yourself From Antivirus” white paper, or by joining our webinar to see Traps in action.

Traps replaces traditional antivirus with a proprietary combination of purpose-built malware and exploit prevention methods that protect users and endpoints from both known and unknown threats. With Traps, you prevent security breaches, in contrast to detecting and responding to incidents after critical assets have already been compromised.

The updated release of Traps eliminates the need for traditional AV by enabling you to:

New and Improved Multi-Method Malware Prevention

Traps prevents malicious executables by maximizing coverage against malware while simultaneously reducing the attack surface and increasing the accuracy of malware detection. This approach combines several layers of protection that instantaneously prevent known and unknown malware from infecting your systems, whether they are online or offline, on-premises or off, connected to your organization’s network or not (Figure 1). Those layers include:

Static Analysis via Machine Learning [new]: Obtain an instantaneous verdict on any unknown executable file before it is allowed to run, without reliance on signatures, scanning or behavioral analysis.

Admin Override Policies [improved]: Define policies, based on the hash of an executable file, to control what is allowed to run in your environment and what is not.

Traps also quarantines malicious executables to prevent infected files from spreading to or infecting other users.

The combination of the above methods and capabilities not only prevents both known and unknown malware from compromising your systems but also enables you to fully customize the scope of prevention to meet your organization’s needs.

Improved Multi-Method Exploit Prevention

Traps uses an entirely new approach to prevent exploits. Instead of focusing on the millions of individual attacks, or their underlying software vulnerabilities, Traps focuses on the core exploitation techniques used by all exploit-based attacks. By identifying and pre-emptively blocking any exploitation technique the moment it is attempted, Traps prevents exploits from compromising your applications, including those developed in-house and those that no longer receive security support.

Traps protects applications and systems, whether or not they receive security patches, and regardless of network connectivity or physical location.

Automated Prevention via the Next-Generation Security Platform

Traps is the only endpoint protection offering that automatically converts the threat intelligence gained from a global community of over 10,000 WildFire subscribers and multiple threat intelligence sources into malware prevention.

When WildFire identifies an executable file as malicious, regardless of where that threat intelligence is gained, Traps automatically reprograms itself to prevent the execution of that file from that moment on. This process all but eliminates the opportunity for an attacker to use unknown and advanced malware to infect your systems because an attacker can use each piece of malware once, at most, anywhere in the world, and only has seconds to carry out an attack before WildFire renders it entirely ineffective.

As part of Palo Alto Networks Next-Generation Security Platform, Traps enables you and your organization to continuously apply the growing threat intelligence gained from thousands of enterprise customers, across both the network and endpoints, to your own environment.

2 Reader Comments

Tomasz Tajchman, 7:57 am on August 3, 2016

Good Afternoon

Looks like apart from the technical details implemented in 3.4, there is a clear message “you can replace your av software with traps now”. My understanding was that previous versions were rather considered to work together with av and not to replace it.

Is the above claim legitimate, and what are the features and functionalities added which simply enable Traps to replace legacy AV software (in contrast to the earlier versions)?

Kind regards,
Tomasz Tajchman

Roland Gafner, 2:29 am on August 10, 2016

I think this is mostly due to the new Local Analysis Module and the added Quarantine functionality in 3.4.
Even when a Traps endpoint is offline, Local Analysis will still deliver an instant verdict to prevent malware from being executed. This was not the case with Traps < 3.4.